Recent findings have revealed four critical vulnerabilities in the Ivanti Endpoint Manager, each rated 9.8 on the CVSS scale. These vulnerabilities, tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, allow unauthenticated attackers to potentially leak sensitive information and conduct relay attacks. Published research by vulnerability expert Zach Hanley highlights the ease with which these exploits can be executed. The Ivanti Endpoint Manager can inadvertently expose critical credentials when interacting with remote servers via its web-based APIs, emphasizing the urgent need for users to update their systems with the latest patches.
Security engineers released a proof-of-concept exploit for four critical Ivanti Endpoint Manager bugs, urging immediate patch updates for vulnerable systems.
Collection
[
|
...
]